When Black Mirror: Bandersnatch was released on Netflix last December, it was fairly obvious that the choose-your-own-adventure experiment represented a fresh step in data collection for the streaming service. Now, a researcher has offered proof that Netflix is storing and mining your choices. Surprisingly, that’s actually a good reason to feel optimistic.
For those who aren’t familiar, Bandersnatch is an episode of the techno-dystopian anthology series Black Mirror. It offers viewers the option to make binary decisions at specific points of the episode that had an effect on how the story progressed and which ending a viewer would see. It’s a novel experience that perfectly fits into the show’s larger themes about the modern world.
Only time will tell if audiences actually want to see this kind of storytelling approach repeated. But it was immediately recognised as a tool with the potential to help Netflix gather more data about users’ preferences. Michael Veale, a technology policy researcher at the University College London, wanted to know exactly how Netflix was treating his Bandersnatch viewing data, so he utilised his right under the European Union’s GDPR data regulation to request that info from Netflix.
Veale followed the GDPR right of access process to submit his request, and Netflix eventually returned that viewing data through an encrypted email. Veale then posted the results of his request to Twitter for all of us to peruse. The bottom line is that Netflix is recording and storing the choices people make when they watch the episode.
… and a .csv file with the choices you have made, when you made them, the platform you made them on and whether you had watched those segments before. pic.twitter.com/nY0GKOEsKL
— Michael Veale (@mikarv) February 12, 2019
Veale told Motherboard that it’s hard to say whether the process of getting Netflix to hand over this data would be as smooth for everyone. He said he had to be specific in his request in order to get the data he was looking for and that he suspects Netflix was very cooperative because he’s known in Europe for making right-to-access requests and publicizing the results.
“Knowing what ‘all your data’ is, and what the company’s definition of ‘all your data’ does not include, is most of the challenge,” he told Motherboard.
We reached out to Netflix to ask if this data would be included if a citizen of the EU simply requested “all” of the data Netflix stores about them, but we did not receive an immediate reply. Veale tweeted a correspondence he had with a representative of the streaming service in which they explained that the choices are only used on an individual basis to inform Netflix’s recommendation algorithm. Netflix said that the choices made in aggregate help inform decisions it will make on future changes to its choose-your-own-adventure tools.
Netflix’s explanation makes a certain amount of sense, and when you compare this to the hoards of information that Facebook and Google surreptitiously collect on users, it really seems like a small concern.
But hey, pointing out small concerns early helps prevent them from becoming big concerns. At one point in Bandersnatch, you choose between two fictional cereals that the main character could have for breakfast. It’s easy to imagine a similar scenario in which the cereals aren’t fictional and your choice is sold to an advertiser for targeted marketing.
This is why I say that Veale’s story is actually kind of optimistic. This is a great example of GDPR giving Europeans powerful new tools for protection. The regulations have only been in place since last May, and there’s not yet a reliable consensus on whether GDPR is a successful program. In my own browsing experience here in the U.S., I certainly run into more websites that ask if I accept their cookie policy.
It’s annoying as hell, and I can’t imagine it’s doing very much good. That’s not to say that I think the cookie disclosure policy is bad, only that it isn’t sparking any kind of great anti-cookie revolution. But the right-to-access policy has a lot of potential to keep tech giants in line simply out of fear of being caught.
In the United States, tech companies are black boxes that tend to keep their activities as secret as possible. But right-to-access requests give European users the chance to demand what information a company is collecting about them. They can then tell us all about it and hopefully, that’s adding an extra little don’t-be-evil consideration to the decision-making process.
And while it’s hard to get too worked up over Netflix studying viewer habits to make programming decisions, there is something a little weird about the company claiming that it needs to link this data to personal accounts in order to inform its personal recommendations. If you decide that one character should kill another, does Netflix add a “movies that sociopaths love” category? It’s totally understandable that it wants to use the data to refine its tools, but I just don’t see how it would be very valuable for recommendations.
If it cut out the recommendation part of the equation, it could totally anonymize the aggregate data and be in a perfectly acceptable position from a privacy perspective. The irony is that Bandersnatch uses the choose-your-own-adventure conceit as part of a meta-narrative about questioning the very nature of free will.
As the episode progresses, it becomes clear how boxed-in the viewer’s choices are and that’s mirrored by the characters’ increasing realisation that they are doomed by fate. The fact that Netflix doesn’t request user consent to link and store this information is the kind subtle twist that the show’s creators surely relish.